oracle / container-images

Oracle Linux container images

OracleLinux:7 image having high vulnerabilities with openssl-libs as per Snyk #51

Closed manojkumarbardhan closed 1 year ago

manojkumarbardhan commented 1 year ago

I'm using oraclelinux:7 as my base image, but it still has a few high vulnerabilities. Could you please suggest getting the updated openssl-libs with oraclelinux:7? Or where can we download the openssl-libs library with the patch?

✗ Medium severity vulnerability found in openssl-libs Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2602940 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-23.ksplice1.el7_9

✗ Medium severity vulnerability found in openssl-libs Description: ELSA-2017-3518 Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606539 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-60.ksplice1.el7_3.1

✗ Medium severity vulnerability found in openssl-libs Description: ELSA-2019-4754 Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606752 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-19.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs Description: Cryptographic Issues Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505233 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505373 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505618 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2505658 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs Description: Numeric Errors Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507388 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: Resource Management Errors Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507411 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: Information Exposure Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507587 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2507608 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508032 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs Description: Out-of-Bounds Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508213 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs Description: Numeric Errors Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2508299 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.5

✗ High severity vulnerability found in openssl-libs Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2509593 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: Out-of-bounds Read Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510037 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: Improper Input Validation Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510043 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: Out-of-bounds Write Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510123 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: Memory Leak Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2510229 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.7

✗ High severity vulnerability found in openssl-libs Description: NULL Pointer Dereference Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2588958 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-22.ksplice1.el7_9

✗ High severity vulnerability found in openssl-libs Description: Integer Overflow or Wraparound Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2590607 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-22.ksplice1.el7_9

✗ High severity vulnerability found in openssl-libs Description: Loop with Unreachable Exit Condition ('Infinite Loop') Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2605530 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 10:1.0.2k-25.el7_9_fips

✗ High severity vulnerability found in openssl-libs Description: ELSA-2016-3523 Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606481 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.1e-51.ksplice1.el7_2.4

✗ High severity vulnerability found in openssl-libs Description: ELSA-2018-4077 Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606565 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-12.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs Description: ELSA-2018-4267 Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606614 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7

✗ High severity vulnerability found in openssl-libs Description: ELSA-2018-4253 Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606634 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-12.0.3.ksplice1.el7

✗ High severity vulnerability found in openssl-libs Description: ELSA-2019-4581 Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2606653 Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-16.0.1.ksplice1.el7_6.1

Package manager: rpm Platform: linux/amd64 Base image: oraclelinux:7.9

Thanks Manoj

tvierling commented 1 year ago

This is a bug in your security scanner which needs to be taught that certain packages have multiple flavors. These are false positive findings.

For an explanation of this issue, see where I documented this for the Trivy scanner project: https://github.com/aquasecurity/trivy/issues/1967#issuecomment-1092987400
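A triage filter for the scanner output quoted above, added here as an example (it is not the project's code and not the Trivy write-up linked in the reply): it parses each Snyk line, recognises a Ksplice or FIPS "Fixed in" build from its release tag (a heuristic inferred from the `ksplice1` and `_fips` strings in the findings above, so it is an assumption, not a documented Oracle naming rule), and only applies an RPM epoch:version-release comparison when installed and fix are the same flavor. The third sample line is constructed and does not correspond to a real advisory.

```python
import re

# Constructed sample: two findings quoted from the issue above plus one made-up entry
# whose fix is a plain el7_9 build (release "26" is hypothetical, not a real update).
SAMPLE_FINDINGS = [
    "✗ Medium severity vulnerability found in openssl-libs Description: Out-of-bounds Read "
    "Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2602940 Introduced through: "
    "openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 2:1.0.2k-23.ksplice1.el7_9",
    "✗ High severity vulnerability found in openssl-libs Description: Loop with Unreachable Exit "
    "Condition ('Infinite Loop') Info: https://security.snyk.io/vuln/SNYK-ORACLE7-OPENSSLLIBS-2605530 "
    "Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 10:1.0.2k-25.el7_9_fips",
    "✗ High severity vulnerability found in openssl-libs Info: https://example.invalid/CONSTRUCTED "
    "Introduced through: openssl-libs@1:1.0.2k-25.el7_9 From: openssl-libs@1:1.0.2k-25.el7_9 Fixed in: 1:1.0.2k-26.el7_9",
]
FINDING_RE = re.compile(r"Info: (?P<url>\S+).*?Introduced through: [\w.+-]+@(?P<installed>\S+).*?Fixed in: (?P<fixed>\S+)")

def parse_evr(s):
    """Split an RPM epoch:version-release string; a missing epoch counts as 0."""
    m = re.match(r"^(?:(\d+):)?([^-]+)-(.+)$", s)
    return int(m.group(1) or 0), m.group(2), m.group(3)

def flavor(evr):
    """Heuristic: Ksplice and FIPS builds are recognised by their release tag (assumed from the findings above)."""
    release = parse_evr(evr)[2]
    if "ksplice" in release:
        return "ksplice"
    return "fips" if release.endswith("_fips") else "standard"

def rpmvercmp(a, b):
    """Reduced rpmvercmp: alnum segments, numbers beat letters, longer wins on a tie (no ~ or ^ handling)."""
    def key(s):
        return [(1, int(t)) if t.isdigit() else (0, t) for t in re.findall(r"\d+|[A-Za-z]+", s)]
    ka, kb = key(a), key(b)
    return (ka > kb) - (ka < kb)

def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    return (ea > eb) - (ea < eb) or rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def classify(line):
    """Verdict for one scanner line; flavor is checked before EVR, since 2:...ksplice1
    and 10:..._fips both compare newer than 1:...el7_9 on epoch:version-release alone."""
    m = FINDING_RE.search(line)
    installed, fixed = m["installed"], m["fixed"]
    if flavor(installed) != flavor(fixed):
        return "false-positive: fix is a %s build, installed is %s" % (flavor(fixed), flavor(installed))
    if evr_cmp(installed, fixed) >= 0:
        return "false-positive: installed is already >= fixed"
    return "actionable: installed < fixed"
```

Run `classify` over each pasted line; only findings whose fix is in the same flavor as the installed package and still newer survive triage.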